Serv-U 2.5i DoS

by platon on February 26th, 2001

New Denial of Service attack taken from the BT mailing list...



----- Original Message -----
From: "Steven, Bates"
To:
Sent: Sunday, February 25, 2001 3:55 PM
Subject: Serv-U 2.5i DoS


> Hi, I think I found another DoS issue in Serv-U 2.5i:
>
> I downloaded the "Fixed" version of Serv-U yesterday. I installed it on one
> of my PCs and started %windir%\RSRCMTR.EXE to see how many resources are used
> when I flood it. Then I started to play around with the server:
>
> Ftp> open server
> Connected to server.
> 220 Serv-U FTP-Server v2.5i for WinSock ready...
>
> I coded a little Java application which flooded the server with 0x00 chars,
> but at least that bug was fixed.
> So I tried other chars and found out that 0xff was a good choice. The
> application just sends out 0xff chars in a never-ending loop (I added a
> Counter to see how many chars are needed to block/crash it).
>
> char nuke=0xff;
> int Counter=0;
>
> while(true)
> {
> sout.print(nuke);
> Counter++;
> if(Counter%10000==0)
> System.out.println(Counter+" 0xff sent");
> }
>
>
> I started it, and the resources got lower and lower. When about 290000 0xff
> chars were sent, there was a popup (I am sure every Win9x user saw it once)
> which said that 90% of the resources were already used, and that some programs
> should be closed. I tried to click the "OK" button, but the popup did not
> react. I also noticed that the mouse cursor was moving strangely... I tried to
> log in from another PC:
>
> Ftp>open Server
> Connected to server.
> Connection closed by remote host.
>
> but as you can see, it did not work - the connection closed after the timeout.
> Then I stopped the Java application with CTRL-C, the resource icon became
> green, the popup disappeared (it finally noticed that I had clicked on it)
> and the server was working fine again.
>
> While writing this, I was testing the flooder, but after seeing the popup on
> the screen, I forgot to stop the flooder. When I finally noticed that, I
> stopped it - it had already sent about 2,5 Million 0xff chars to the server. I
> tried to connect to the ftpd, but I couldn't - I was connected and
> immediately(!) disconnected. I tested it again, but this only works sometimes,
> I have no idea why.
>
> I do not know why the server acts like this, but this issue really
> should be fixed.
>
> !! THE FLOODER DOES NOT WORK IF THE SERV-U ICON IS JUST IN THE TRAY, YOU NEED
> TO SEE THE LOGGING SCREEN !!
> !! I was only able to reproduce this behaviour on Win95, on Win98 it did not
> seem to do anything !!
>
>
> [Craig]
> http://www.HaQuarter.De/
>
>
>
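
A server-side mitigation for the kind of flood the message describes, as an added example that is not part of the original message and is not Serv-U's code: a bounded reader for an FTP control connection that drops a client sending unterminated or excessive pre-login input, plus a size-capped log preview (the message reports the effect only while the logging screen was visible). The message does not give a root cause, so the class and function names and the three limits are assumptions chosen for illustration.

```python
MAX_LINE = 512          # assumed cap on one command line, in bytes
PRELOGIN_BUDGET = 4096  # assumed cap on total bytes accepted before login
LOG_PREVIEW = 32        # assumed cap on client bytes echoed to the log view

class FloodDetected(Exception):
    """A client exceeded a limit; the caller should close the connection."""

class ControlChannelGuard:
    """Bounded line reader for one FTP control connection (hypothetical helper)."""

    def __init__(self):
        self.buf = bytearray()
        self.seen = 0            # total bytes received on this connection
        self.logged_in = False   # set by the caller after a successful login

    def feed(self, data):
        """Take bytes from recv(); return the complete command lines they finish."""
        self.seen += len(data)
        if not self.logged_in and self.seen > PRELOGIN_BUDGET:
            raise FloodDetected("pre-login byte budget exceeded")
        self.buf += data
        lines = []
        while (end := self.buf.find(b"\r\n")) >= 0:
            if end > MAX_LINE:
                raise FloodDetected("command line too long")
            lines.append(bytes(self.buf[:end]))
            del self.buf[:end + 2]
        if len(self.buf) > MAX_LINE:
            raise FloodDetected("unterminated input exceeds line cap")
        return lines

def log_preview(line):
    """Escape and truncate client input so the log view gets a bounded string."""
    shown = line[:LOG_PREVIEW].decode("latin-1").encode("unicode_escape").decode("ascii")
    return shown + ("..." if len(line) > LOG_PREVIEW else "")

def bytes_until_cutoff(chunk, max_chunks=10000):
    """Feed one constructed chunk repeatedly; return bytes accepted before cutoff."""
    guard = ControlChannelGuard()
    for i in range(max_chunks):
        try:
            guard.feed(chunk)
        except FloodDetected:
            return i * len(chunk)
    return -1  # never cut off within max_chunks

if __name__ == "__main__":
    print(bytes_until_cutoff(b"\xff" * 100))  # constructed stream of 0xff bytes
    print(log_preview(b"\xff" * 100))
```

With these limits a connection that never sends CRLF is closed after a few hundred bytes, and whatever reaches the log view is at most 32 escaped bytes per entry.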


